Q
Problem solve Get help with specific problems with your technologies, process and projects.

How to determine if a common process has been hacked

When trying to ID some stealthy Trojan, how can I ensure that the hacker has not hacked part of a common process such as outlook.exe or iexplore.exe?
You could do an integrity check of those files. Using a program like Tripwire or just an md5 calculator, you can get a fingerprint of the normal outlook.exe and iexplore.exe programs. Then, you can check to see if they have changed. If they have changed, it means you have either installed a patch or someone has altered them, possibly maliciously.


For more information on this topic, visit these other SearchSecurity.com resources:
Tech Tip: Inspect files and directories for unexpected changes
Tech Tip: Verify your data
Best Web Links: Securing your products and platforms


This was last published in July 2002

Dig Deeper on Network device security: Appliances, firewalls and switches

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close